Posts Tagged ‘InetVis’
ISSA 2008 Results
Written by Barns on May 26, 2008 – 3:21 pm
As promised, ISSA got back to us today with the result of submissions to this year's conference. My submission was accepted as a work in progress paper. It was submitted as a work in progress paper and so I am more than satisfied with the result.
It is also good to receive some feedback on the paper from the reviewers. Most notably, a discussion was given on the lack of discussion over the InetVis image, and the scope of the new work in relation to the related work section. Unfortunately, I feel that one of the reviewers did not consider the paper in the context of a work in progress submission and so not all of the feedback was useful.
Altogether a worthwhile result and so I guess a trip to JHB in July is now required…
Tags: InetVis, ISSA, Paper
Website, More InetVis and a touch of Nmap
Written by Barns on May 23, 2008 – 7:51 pm
Today was a little bit slow. I started off well by redoing this site, so that it would produce nifty things such as RSS feeds. It's now using WordPress.
I managed to get the Linux version of InetVis to work with my crafted Ethernet frames which was great. I then started creating tcpdumps of the different types of Nmap scans. These will be analysed with Snort, Bro and InetVis.
Tags: Bro, Ethernet, InetVis, Linux, Nmap, Snort, tcpdump
C++, InetVis, Snort and More
Written by Barns on May 22, 2008 – 5:35 pm
Today I set about performing the following tasks:
- Setting up and Running Snort
- Testing Snort with a few Simple Scans
- Using InetVis with NULL Interface Traffic
I succeeded in setting up Snort and running it with just the sfportscan preprocessor. The README states that it is designed to match against Nmap scans and I attempted to get it to alert on these, but discovered that it doesn’t alert on a number of these scans.
In an attempt to use Nmap scans targeted at a FreeBSD disc interface, I set about modifying InetVis to accept more than just Ethernet frames. This was a “Bad Idea”™. With some help from Nick and Wireshark's text2pcap tool, I wrote a program which converts a disc interface tcpdump file to text which can be processed by text2pcap to produce a file of Ethernet frames. This loads correctly into Wireshark, but still does not produce output in the Windows version of InetVis. I think that it is a bug…
I struggled to use C++ after such a long time of not using it, but it certainly improved as the afternoon wore on.
Tags: Ethernet, FreeBSD, InetVis, Nmap, sfportscan, Snort, tcpdump, Windows, Wireshark
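The conversion described in this post, sketched as an added example (not the author's program): it assumes the disc interface capture is a classic pcap with link type DLT_NULL carrying IPv4, and the names `null_pcap_to_text` and `build_sample` are hypothetical. The sample capture is constructed inline.

```python
import struct

DLT_NULL = 0  # BSD loopback encapsulation: 4-byte address family, then the packet
AF_INET = 2   # IPv4 has the same family number on FreeBSD, Linux and Windows

def null_pcap_to_text(data: bytes) -> str:
    """Hex-dump the IPv4 packets of a DLT_NULL pcap in text2pcap input format."""
    if data[:4] == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif data[:4] == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic (microsecond) pcap file")
    (linktype,) = struct.unpack(endian + "I", data[20:24])
    if linktype != DLT_NULL:
        raise ValueError(f"expected link type 0 (DLT_NULL), got {linktype}")
    out, pos = [], 24
    while pos + 16 <= len(data):
        incl_len = struct.unpack(endian + "IIII", data[pos:pos + 16])[2]
        record = data[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len
        if len(record) < incl_len:
            break  # truncated final record
        if incl_len < 4 or struct.unpack(endian + "I", record[:4])[0] != AF_INET:
            continue  # an Ethernet type of 0x0800 would mislabel non-IPv4 data
        packet = record[4:]  # drop the 4-byte family header
        for off in range(0, len(packet), 16):
            chunk = " ".join(f"{b:02x}" for b in packet[off:off + 16])
            out.append(f"{off:06x} {chunk}")  # offset 000000 starts a new packet
        out.append("")
    return "\n".join(out)

def build_sample() -> bytes:
    """Constructed capture: one IPv4 ICMP echo request and one non-IPv4 record."""
    ip = bytes.fromhex("4500001c0000000040010000c0000201c00002020800f7ff00000000")
    records = [struct.pack("<I", AF_INET) + ip, struct.pack("<I", 28) + bytes(40)]
    pcap = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, DLT_NULL)
    for rec in records:
        pcap += struct.pack("<IIII", 0, 0, len(rec), len(rec)) + rec
    return pcap

if __name__ == "__main__":
    # Feed the output to: text2pcap -e 0x800 dump.txt ethernet.pcap
    print(null_pcap_to_text(build_sample()))
```

The `-e 0x800` option makes text2pcap prepend a dummy Ethernet header with the IPv4 type to every packet, which is why non-IPv4 records are skipped rather than dumped.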
Today’s Progress
Written by Barns on May 21, 2008 – 5:05 pm
The following was done today:
- Reinstalled FreeBSD
- Installed Snort and Bro
- Installed other extras, like Nmap
- Learned about disc interfaces
- Fought with InetVis
I also got sidetracked into doing my final marking for this semester and having an aircon in the RUCUS room regassed.
Tags: Bro, FreeBSD, InetVis, Nmap, RUCUS, Snort